What do Chinese hackers want?

Radio Free Asia, What do Chinese hackers want?, 5 February 2013, available at: http://www.refworld.org/docid/511ce45ec.html [accessed 4 March 2015]

Recent hacker attacks on U.S. media organizations thought to have originated in China are likely to have been motivated by a desire to uncover the sources of information embarrassing to leaders in Beijing, according to Chinese communications and security experts.

Last week, The New York Times newspaper accused hackers traced to China of "persistently" infiltrating its computer networks over the last four months, sparking an angry denial from Beijing.

The attacks came as the paper's journalists were researching several billion dollars' worth of assets that it later reported were held secretly by relatives of outgoing premier Wen Jiabao.

The paper had hired a team of computer security experts to trace the hacker attacks and block any back doors through which they were gaining access to the system, it said.

"China wanted to know the source of the material on some of its wealthiest families," said Wu Fei, professor in the school of Journalism and Communication at Jinan University, who has just returned from several months' research in the U.S.

"While much of the information on the wealth belonging to families of Chinese leaders is in the public domain, it is only part of a vast ocean of data. So without pointers, it's like trying to find a needle in a haystack," Wu said.

"China's hackers wanted to find out what was known."

Second paper attacked

Soon after The New York Times made its announcement about the attack, The Wall Street Journal followed suit with similar revelations.

The paper said the hackers had targeted information regarding its reporting on China, and hadn't been directed at commercially valuable data or at confidential client details.

Wu said the report was in line with unofficial reports of attacks on the e-mail accounts of China-linked people in the U.S.

"When I was working in a U.S. think tank, people were saying that the e-mail account of the lead researcher engaged in China-related research was always being hacked," Wu said.

The Chinese government has repeatedly denied any involvement in hacker activities, saying it is opposed to them.

'Irresponsible' charges?

Chinese foreign ministry spokesman Hong Lei said last week that the suggestion that China was involved in the hacker attacks on The New York Times was "irresponsible."

However, a U.S.-based Internet security expert surnamed Xia said Chinese hackers tend to use phishing attacks to gain access to remote computers.

"The hackers will pose as your friend and send you an e-mail which they say you have to open, so you open it, and then the problems start," Xia said.

"Defending against such attacks is directly connected to the level of security awareness on the part of an organization's employees," he said.

He said China's hackers have access to huge resources in terms of manpower and time. "Sometimes they will go through a target's friends, or even friends of friends, to pull the wool over their eyes," Xia said.

"Step by step, they get closer to their target."

Xia said he believes that hacker attacks originating in China are unlikely to be the work of individuals.

"That doesn't necessarily mean that this is happening on orders from the top, however," he said.

"There are plenty of low- to mid-ranking officials who might do something to win praise from their superiors."

Repeated attempts

According to a report to Congress last November by the U.S.-China Economic and Security Review Commission, China continues to develop its capabilities in the cyber arena.

"U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers as do international organizations and nongovernmental groups including Chinese dissident groups, activists, religious organizations, rights groups, and media institutions," the report said.

In August 2011, China rejected suggestions that it was behind a massive cyberspying initiative reported earlier that month by security firm McAfee.

McAfee said in a report titled "Operation Shady RAT" that hackers compromised computer security at more than 70 global organizations, including the U.N. and U.S. government bodies, sparking speculation that China was behind the attacks.

McAfee did not identify any country behind the hacking campaign, but its security experts had said in February last year that hackers working from China had targeted the computers of oil and gas companies in the U.S., Greece, Taiwan, and Kazakhstan.

The "coordinated, covert, and targeted" attacks began in November 2009, and the hackers succeeded in stealing sensitive information, it said.

Reported by Wen Jian for RFA's Mandarin service. Translated and written in English by Luisetta Mudie.